Add additional principal types to role assignment resource

hashicorp · Jan 30, 2025 · 7a82f11 · 7a82f11
1 parent 4e5117d
commit 7a82f11
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/internal/services/authorization/role_assignment_resource.go b/internal/services/authorization/role_assignment_resource.go
@@ -111,6 +111,8 @@ func resourceArmRoleAssignment() *pluginsdk.Resource {
 					"User",
 					"Group",
 					"ServicePrincipal",
+					"Device",
+					"ForeignGroup",
 				}, false),
 			},
 

diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown
@@ -187,7 +187,7 @@ The following arguments are supported:
 
 ~> **NOTE:** The Principal ID is also known as the Object ID (ie not the "Application ID" for applications).
 
-* `principal_type` - (Optional) The type of the `principal_id`. Possible values are `User`, `Group` and `ServicePrincipal`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
+* `principal_type` - (Optional) The type of the `principal_id`. Possible values are `User`, `Group`, `ServicePrincipal`, `Device` and `ForeignGroup`. Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute.
 
 ~> **NOTE:** If one of `condition` or `condition_version` is set both fields must be present.